On Sun, Dec 18, 2011 at 06:14:19PM -0600, Chris Wopat wrote:
> Claudio and crew,
>
> Unsure if this is a bug or intended. I was testing BGP triggered
> blackholes, one of the routers that will perform the blackhole has
> this rule in its bgpd.conf:
>
> match from group GROUP-IBGP community 1234:666 set { localpref 200
> origin igp nexthop blackhole }
>
>
> Looking exclusively at the bgpctl output makes it appear to be not
> working (186.4.134.249 is a blocked source, 10.171.0.66 is the router
> triggering the blackhole, it should NOT be the nexthop):
>
> # bgpctl show ip bgp detail 186.4.134.249
>
> BGP routing table entry for 186.4.134.249/32
> Nexthop 10.171.0.66 (via 10.171.7.166) from rr1 (10.171.0.16)
> Origin IGP, metric 0, localpref 200, internal, valid, best
> Last update: 00:01:42 ago
> Communities: 1239:66 3356:9999 4150:666 NO_EXPORT
> Originator Id: 10.171.0.66
> Cluster ID List: 10.171.0.16
>
>
> When you look at the actual routing table though, it is blackholed and
> is functioning properly:
>
> # netstat -nr | grep 186.4.134.249
> 186.4.134.249/32 127.0.0.1 UGB 0 14 33160 48 lo0
>
>
> Is this intended behavior?
>
Good question, it seems that the nexthop flags (reject/blackhole) are not
shown in the "show rib detail" output. I guess the via should print out
blackhole in your case.
The "bgpctl show fib" output will show the B flag (IIRC).
--
:wq Claudio
